security hole

The fine folks over at Android Police have discovered that many HTC devices have a huge security hole due to a recent Android update. The results are pretty shocking, and HTC has no one to blame but themselves. In a recent update, HTC included a set of logging tools that logs users email accounts, last known network and GPS connection, phone numbers that have been recently dialed, encoded SMS data (probably can be decoded), and system logs.

Okay so HTC logs all of this, what’s the big deal? The big deal is that any app that requests android.permission.INTERNET can get their hands on this information. Phones include the Thunderbolt, Evo 4G, Evo 3D, and more.

As of now, the only way to patch this hole is to root your device and remove /system/app/HtcLoggers.apk. If you’re not rooted, stay away from sketchy apps. As Android Police points out, even a high-quality app could still get their hands on this information. Android Police has all of the technical details.

Expand
Expanding
Close

[youtube=http://www.youtube.com/watch?v=V9tXDLyeoBE]

BGR has discovered a pretty big security flaw in AT&T’s version of the Galaxy S II, which hits shelves tomorrow. For users who have a unlock pattern or pin set, they can simply bypass it by waking up their screen to unlock and then let the screen timeout to go black. Then simply, the user can wake up the phone once again and they’ll no longer have to use a pattern or pin to access the phone. BGR shows how simple it is in the video above.

Samsung offers a temporary work around, while they work on a permanent solution, after the break:

Expand
Expanding
Close